mirror of
https://github.com/apache/cloudstack.git
synced 2025-10-26 08:42:29 +01:00
bd58ceccd8
The authenticators now have an encode function that cloudstack will use to encode the user supplied password before storing it in the database. This makes it easier to add other authenticators with other hashing algorithms. The requires a two step approach to creating the admin account at first start as the authenticators are only present in the management-server component locator. The SHA256 salted authenticator make use of this new system and adds a hashing algorithm based on SHA256 with a salt. This type of hash is far less susceptible to rainbow table attacks. To make use of these new features the users password will be sent over the wire just as he typed it and it will be transformed into a hash on the server and compared with the stored password. This means that the hash will not go over the wire anymore. The default authenticator in components.xml is still set to md5 for backwards compatibility. For new installations the sha256 could be enabled.
240 lines
18 KiB
XML
Executable File
240 lines
18 KiB
XML
Executable File
<?xml version="1.0"?>
|
|
<!--
|
|
Licensed to the Apache Software Foundation (ASF) under one
|
|
or more contributor license agreements. See the NOTICE file
|
|
distributed with this work for additional information
|
|
regarding copyright ownership. The ASF licenses this file
|
|
to you under the Apache License, Version 2.0 (the
|
|
"License"); you may not use this file except in compliance
|
|
with the License. You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing,
|
|
software distributed under the License is distributed on an
|
|
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
KIND, either express or implied. See the License for the
|
|
specific language governing permissions and limitations
|
|
under the License.
|
|
-->
|
|
<!--
|
|
components.xml is the configuration file for the VM Ops
|
|
insertion servers. Someone can quickly pull together an
|
|
insertion server by selecting the correct adapters to use.
|
|
|
|
Here are some places to look for information.
|
|
- To find out the general functionality that each Manager
|
|
or Adapter provide, look at the javadoc for the interface
|
|
that it implements. The interface is usually the
|
|
"key" attribute in the declaration.
|
|
- To find specific implementation of each Manager or
|
|
Adapter, look at the javadoc for the actual class. The
|
|
class can be found in the <class> element.
|
|
- To find out the configuration parameters for each Manager
|
|
or Adapter, look at the javadoc for the actual implementation
|
|
class. It should be documented in the description of the
|
|
class.
|
|
- To know more about the components.xml in general, look for
|
|
the javadoc for ComponentLocator.java.
|
|
|
|
If you found that the Manager or Adapter are not properly
|
|
documented, please contact the author.
|
|
-->
|
|
<components.xml>
|
|
<system-integrity-checker class="com.cloud.upgrade.DatabaseUpgradeChecker">
|
|
<checker name="ManagementServerNode" class="com.cloud.cluster.ManagementServerNode"/>
|
|
<checker name="EncryptionSecretKeyChecker" class="com.cloud.utils.crypt.EncryptionSecretKeyChecker"/>
|
|
<checker name="DatabaseIntegrityChecker" class="com.cloud.upgrade.DatabaseIntegrityChecker"/>
|
|
<checker name="DatabaseUpgradeChecker" class="com.cloud.upgrade.PremiumDatabaseUpgradeChecker"/>
|
|
</system-integrity-checker>
|
|
|
|
<interceptor library="com.cloud.configuration.DefaultInterceptorLibrary"/>
|
|
<management-server class="com.cloud.server.ManagementServerExtImpl" library="com.cloud.configuration.PremiumComponentLibrary">
|
|
<dao name="Configuration configuration server" class="com.cloud.configuration.dao.ConfigurationDaoImpl">
|
|
<param name="premium">true</param>
|
|
</dao>
|
|
<adapters key="com.cloud.agent.manager.allocator.HostAllocator">
|
|
<adapter name="FirstFitRouting" class="com.cloud.agent.manager.allocator.impl.FirstFitRoutingAllocator"/>
|
|
<!--adapter name="FirstFitRouting" class="com.cloud.agent.manager.allocator.impl.RecreateHostAllocator"/-->
|
|
<!--adapter name="FirstFit" class="com.cloud.agent.manager.allocator.impl.FirstFitAllocator"/-->
|
|
</adapters>
|
|
<adapters key="com.cloud.storage.allocator.StoragePoolAllocator">
|
|
<adapter name="LocalStorage" class="com.cloud.storage.allocator.LocalStoragePoolAllocator"/>
|
|
<adapter name="Storage" class="com.cloud.storage.allocator.FirstFitStoragePoolAllocator"/>
|
|
</adapters>
|
|
<adapters key="com.cloud.agent.manager.allocator.PodAllocator">
|
|
<adapter name="User First" class="com.cloud.agent.manager.allocator.impl.UserConcentratedAllocator"/>
|
|
</adapters>
|
|
<adapters key="com.cloud.consoleproxy.ConsoleProxyAllocator">
|
|
<adapter name="Balance" class="com.cloud.consoleproxy.ConsoleProxyBalanceAllocator"/>
|
|
</adapters>
|
|
<adapters key="com.cloud.network.guru.NetworkGuru">
|
|
<!--
|
|
NOTE: The order of those gurus implicates priority of network traffic types the guru implements.
|
|
The upper the higher priority. It effects listTafficTypeImplementors API which returns impelmentor
|
|
of a specific network traffic.
|
|
A fair question is, if two gurus implement the same two network traffic types, but these traffic types
|
|
have cross priority, how to rank them? For example:
|
|
GuruA (TrafficTypeA, TrafficTypeB)
|
|
GuruB (TrafficTypeA, TrafficTypeB)
|
|
we want GuruB.TrafficTypeB > GuruA.TrafficTypeB and GuruB.TrafficTypeA < GuruA.TrafficTypeA. As the priority
|
|
implicated by order can not map to multiple traffic type, you have to do implement GuruC which inherits GuruB
|
|
for TrafficTypeB. Then ranking them in order of:
|
|
GuruC (TrafficTypeB)
|
|
GuruA (TrafficTypeA, TrafficTypeB)
|
|
GuruB (TrafficTypeA, TrafficTypeB)
|
|
now GuruC represents TrafficTypeB with highest priority while GuruA represents TrafficTypeA with highest pirority.
|
|
|
|
However, above case barely happens.
|
|
-->
|
|
|
|
<adapter name="StorageNetworkGuru" class="com.cloud.network.guru.StorageNetworkGuru"/>
|
|
<adapter name="ExternalGuestNetworkGuru" class="com.cloud.network.guru.ExternalGuestNetworkGuru"/>
|
|
<adapter name="PublicNetworkGuru" class="com.cloud.network.guru.PublicNetworkGuru"/>
|
|
<adapter name="PodBasedNetworkGuru" class="com.cloud.network.guru.PodBasedNetworkGuru"/>
|
|
<adapter name="ControlNetworkGuru" class="com.cloud.network.guru.ControlNetworkGuru"/>
|
|
<adapter name="DirectNetworkGuru" class="com.cloud.network.guru.DirectNetworkGuru"/>
|
|
<adapter name="DirectPodBasedNetworkGuru" class="com.cloud.network.guru.DirectPodBasedNetworkGuru"/>
|
|
<adapter name="OvsGuestNetworkGuru" class="com.cloud.network.guru.OvsGuestNetworkGuru"/>
|
|
<adapter name="PrivateNetworkGuru" class="com.cloud.network.guru.PrivateNetworkGuru"/>
|
|
<adapter name="NiciraNvpGuestNetworkGuru" class="com.cloud.network.guru.NiciraNvpGuestNetworkGuru"/>
|
|
</adapters>
|
|
<adapters key="com.cloud.cluster.ClusterServiceAdapter">
|
|
<adapter name="ClusterService" class="com.cloud.cluster.ClusterServiceServletAdapter"/>
|
|
</adapters>
|
|
<adapters key="com.cloud.storage.secondary.SecondaryStorageVmAllocator">
|
|
<adapter name="Balance" class="com.cloud.storage.secondary.SecondaryStorageVmDefaultAllocator"/>
|
|
</adapters>
|
|
<adapters key="com.cloud.network.IpAddrAllocator">
|
|
<adapter name="Basic" class="com.cloud.network.ExteralIpAddressAllocator"/>
|
|
</adapters>
|
|
<adapters key="com.cloud.server.auth.UserAuthenticator">
|
|
<!-- <adapter name="SHA256SALT" class="com.cloud.server.auth.SHA256SaltedUserAuthenticator"/> -->
|
|
<adapter name="MD5" class="com.cloud.server.auth.MD5UserAuthenticator"/>
|
|
<adapter name="LDAP" class="com.cloud.server.auth.LDAPUserAuthenticator"/>
|
|
</adapters>
|
|
<adapters key="com.cloud.ha.Investigator">
|
|
<adapter name="SimpleInvestigator" class="com.cloud.ha.CheckOnAgentInvestigator"/>
|
|
<adapter name="XenServerInvestigator" class="com.cloud.ha.XenServerInvestigator"/>
|
|
<adapter name="PingInvestigator" class="com.cloud.ha.UserVmDomRInvestigator"/>
|
|
<adapter name="ManagementIPSysVMInvestigator" class="com.cloud.ha.ManagementIPSystemVMInvestigator"/>
|
|
</adapters>
|
|
<adapters key="com.cloud.ha.FenceBuilder">
|
|
<adapter name="XenServerFenceBuilder" class="com.cloud.ha.XenServerFencer"/>
|
|
<adapter name="KVMFenceBuilder" class="com.cloud.ha.KVMFencer"/>
|
|
<adapter name="OvmFenceBuilder" class="com.cloud.ovm.hypervisor.OvmFencer"/>
|
|
</adapters>
|
|
<adapters key="com.cloud.hypervisor.HypervisorGuru">
|
|
<adapter name="XenServerGuru" class="com.cloud.hypervisor.XenServerGuru"/>
|
|
<adapter name="KVMGuru" class="com.cloud.hypervisor.KVMGuru"/>
|
|
</adapters>
|
|
<adapters key="com.cloud.resource.Discoverer">
|
|
<adapter name="XCP Agent" class="com.cloud.hypervisor.xen.discoverer.XcpServerDiscoverer"/>
|
|
<adapter name="SecondaryStorage" class="com.cloud.storage.secondary.SecondaryStorageDiscoverer"/>
|
|
<adapter name="KVM Agent" class="com.cloud.hypervisor.kvm.discoverer.KvmServerDiscoverer"/>
|
|
<adapter name="Bare Metal Agent" class="com.cloud.baremetal.BareMetalDiscoverer"/>
|
|
<adapter name="SCVMMServer" class="com.cloud.hypervisor.hyperv.HypervServerDiscoverer"/>
|
|
<adapter name="Ovm Discover" class="com.cloud.ovm.hypervisor.OvmDiscoverer" />
|
|
</adapters>
|
|
<adapters key="com.cloud.deploy.DeploymentPlanner">
|
|
<adapter name="First Fit" class="com.cloud.deploy.FirstFitPlanner"/>
|
|
<adapter name="UserDispersing" class="com.cloud.deploy.UserDispersingPlanner"/>
|
|
<adapter name="UserConcentratedPod" class="com.cloud.deploy.UserConcentratedPodPlanner"/>
|
|
<adapter name="BareMetal Fit" class="com.cloud.deploy.BareMetalPlanner"/>
|
|
</adapters>
|
|
<adapters key="com.cloud.alert.AlertAdapter">
|
|
<adapter name="ClusterAlert" class="com.cloud.alert.ClusterAlertAdapter"/>
|
|
<adapter name="ConsoleProxyAlert" class="com.cloud.alert.ConsoleProxyAlertAdapter"/>
|
|
<adapter name="SecondaryStorageVmAlert" class="com.cloud.alert.SecondaryStorageVmAlertAdapter"/>
|
|
</adapters>
|
|
<adapters key="com.cloud.acl.SecurityChecker">
|
|
<adapter name="DomainChecker" class="com.cloud.acl.DomainChecker"/>
|
|
</adapters>
|
|
<adapters key="com.cloud.network.element.NetworkElement">
|
|
<adapter name="VirtualRouter" class="com.cloud.network.element.VirtualRouterElement"/>
|
|
<adapter name="Ovs" class="com.cloud.network.element.OvsElement"/>
|
|
<adapter name="ExternalDhcpServer" class="com.cloud.network.element.ExternalDhcpElement"/>
|
|
<adapter name="BareMetal" class="com.cloud.network.element.BareMetalElement"/>
|
|
<adapter name="SecurityGroupProvider" class="com.cloud.network.element.SecurityGroupElement"/>
|
|
<adapter name="VpcVirtualRouter" class="com.cloud.network.element.VpcVirtualRouterElement"/>
|
|
<adapter name="NiciraNvp" class="com.cloud.network.element.NiciraNvpElement"/>
|
|
</adapters>
|
|
<adapters key="com.cloud.cluster.agentlb.AgentLoadBalancerPlanner">
|
|
<adapter name="ClusterBasedAgentLbPlanner" class="com.cloud.cluster.agentlb.ClusterBasedAgentLoadBalancerPlanner"/>
|
|
</adapters>
|
|
<adapters key="com.cloud.hypervisor.HypervisorGuru">
|
|
<adapter name="XenServerGuru" class="com.cloud.hypervisor.XenServerGuru"/>
|
|
<adapter name="KVMGuru" class="com.cloud.hypervisor.KVMGuru"/>
|
|
<adapter name="BareMetalGuru" class="com.cloud.baremetal.BareMetalGuru"/>
|
|
<adapter name="HypervGuru" class="com.cloud.hypervisor.guru.HypervGuru"/>
|
|
<adapter name="OvmGuru" class="com.cloud.ovm.hypervisor.OvmGuru" />
|
|
</adapters>
|
|
<adapters key="com.cloud.agent.StartupCommandProcessor">
|
|
<adapter name="BasicAgentAuthorizer" class="com.cloud.agent.manager.authn.impl.BasicAgentAuthManager"/>
|
|
</adapters>
|
|
<manager name="OvsTunnelManager" key="com.cloud.network.ovs.OvsTunnelManager" class="com.cloud.network.ovs.OvsTunnelManagerImpl"/>
|
|
<manager name="ElasticLoadBalancerManager" key="com.cloud.network.lb.ElasticLoadBalancerManager" class="com.cloud.network.lb.ElasticLoadBalancerManagerImpl"/>
|
|
<pluggableservice name="VirtualRouterElementService" key="com.cloud.network.element.VirtualRouterElementService" class="com.cloud.network.element.VirtualRouterElement"/>
|
|
<pluggableservice name="NiciraNvpElementService" key="com.cloud.network.element.NiciraNvpElementService" class="com.cloud.network.element.NiciraNvpElement"/>
|
|
<dao name="OvsTunnelInterfaceDao" class="com.cloud.network.ovs.dao.OvsTunnelInterfaceDaoImpl" singleton="false"/>
|
|
<dao name="OvsTunnelAccountDao" class="com.cloud.network.ovs.dao.OvsTunnelNetworkDaoImpl" singleton="false"/>
|
|
<dao name="NiciraNvpDao" class="com.cloud.network.dao.NiciraNvpDaoImpl" singleton="false"/>
|
|
<dao name="NiciraNvpNicMappingDao" class="com.cloud.network.dao.NiciraNvpNicMappingDaoImpl" singleton="false"/>
|
|
<dao name="NiciraNvpRouterMappingDao" class="com.cloud.network.dao.NiciraNvpRouterMappingDaoImpl" singleton="false"/>
|
|
<dao name="ElasticLbVmMapDao" class="com.cloud.network.lb.dao.ElasticLbVmMapDaoImpl" singleton="false"/>
|
|
</management-server>
|
|
|
|
<configuration-server class="com.cloud.server.ConfigurationServerImpl">
|
|
<dao name="Configuration configuration server" class="com.cloud.configuration.dao.ConfigurationDaoImpl" singleton="false">
|
|
<param name="premium">true</param>
|
|
</dao>
|
|
<dao name="Snapshot policy defaults" class="com.cloud.storage.dao.SnapshotPolicyDaoImpl" singleton="false"/>
|
|
<dao name="DiskOffering configuration server" class="com.cloud.storage.dao.DiskOfferingDaoImpl" singleton="false"/>
|
|
<dao name="ServiceOffering configuration server" class="com.cloud.service.dao.ServiceOfferingDaoImpl" singleton="false"/>
|
|
<dao name="host zone configuration server" class="com.cloud.dc.dao.DataCenterDaoImpl" singleton="false"/>
|
|
<dao name="host pod configuration server" class="com.cloud.dc.dao.HostPodDaoImpl" singleton="false"/>
|
|
<dao name="DomainDao" class="com.cloud.domain.dao.DomainDaoImpl" singleton="false"/>
|
|
<dao name="NetworkOfferingDao" class="com.cloud.offerings.dao.NetworkOfferingDaoImpl" singleton="false"/>
|
|
<dao name="DataCenterDao" class="com.cloud.dc.dao.DataCenterDaoImpl" singleton="false"/>
|
|
<dao name="NetworkDao" class="com.cloud.network.dao.NetworkDaoImpl" singleton="false"/>
|
|
<dao name="IpAddressDao" class="com.cloud.network.dao.IPAddressDaoImpl" singleton="false"/>
|
|
<dao name="VlanDao" class="com.cloud.dc.dao.VlanDaoImpl" singleton="false"/>
|
|
<dao name="ResouceCountDao" class="com.cloud.configuration.dao.ResourceCountDaoImpl" singleton="false"/>
|
|
<dao name="AccountDao" class="com.cloud.user.dao.AccountDaoImpl" singleton="false"/>
|
|
<dao name="UserDao" class="com.cloud.user.dao.UserDaoImpl" singleton="false"/>
|
|
<dao name="NetworkOfferingServiceDao" class="com.cloud.offerings.dao.NetworkOfferingServiceMapDaoImpl" singleton="false"/>
|
|
<dao name="VirtualRouterProviderDao" class="com.cloud.network.dao.VirtualRouterProviderDaoImpl" singleton="false"/>
|
|
<dao name="IdentityDao" class="com.cloud.uuididentity.dao.IdentityDaoImpl" singleton="false"/>
|
|
<dao name="Site2SiteCustomerGatewayDao" class="com.cloud.network.dao.Site2SiteCustomerGatewayDaoImpl" singleton="false"/>
|
|
<dao name="Site2SiteVpnGatewayDao" class="com.cloud.network.dao.Site2SiteVpnGatewayDaoImpl" singleton="false"/>
|
|
<dao name="Site2SiteVpnConnectionDao" class="com.cloud.network.dao.Site2SiteVpnConnectionDaoImpl" singleton="false"/>
|
|
</configuration-server>
|
|
|
|
<awsapi-ec2server class="com.cloud.bridge.service.EC2MainServlet">
|
|
<dao name="CloudStackConfigurationDao" class="com.cloud.bridge.persist.dao.CloudStackConfigurationDaoImpl" singleton="false"/>
|
|
<dao name="UserCredentialsDao" class="com.cloud.bridge.persist.dao.UserCredentialsDaoImpl" singleton="false"/>
|
|
<dao name="CloudStackSvcOfferingDao" class="com.cloud.bridge.persist.dao.CloudStackSvcOfferingDaoImpl" singleton="false"/>
|
|
<dao name="OfferingDao" class="com.cloud.bridge.persist.dao.OfferingDaoImpl" singleton="false"/>
|
|
<dao name="CloudStackAccountDao" class="com.cloud.bridge.persist.dao.CloudStackAccountDaoImpl" singleton="false"/>
|
|
</awsapi-ec2server>
|
|
|
|
<awsapi-s3server class="com.cloud.bridge.service.S3RestServlet">
|
|
<dao name="CloudStackConfigurationDao" class="com.cloud.bridge.persist.dao.CloudStackConfigurationDaoImpl" singleton="false"/>
|
|
<dao name="MHostDao" class="com.cloud.bridge.persist.dao.MHostDaoImpl" singleton="false"/>
|
|
<dao name="SHostDao" class="com.cloud.bridge.persist.dao.SHostDaoImpl" singleton="false"/>
|
|
<dao name="UserCredentialsDao" class="com.cloud.bridge.persist.dao.UserCredentialsDaoImpl" singleton="false"/>
|
|
<dao name="BucketPolicyDao" class="com.cloud.bridge.persist.dao.BucketPolicyDaoImpl" singleton="false"/>
|
|
<dao name="MHostMountDao" class="com.cloud.bridge.persist.dao.MHostMountDaoImpl" singleton="false"/>
|
|
<dao name="SAclDao" class="com.cloud.bridge.persist.dao.SAclDaoImpl" singleton="false"/>
|
|
<dao name="SBucketDao" class="com.cloud.bridge.persist.dao.SBucketDaoImpl" singleton="false"/>
|
|
<dao name="SMetaDao" class="com.cloud.bridge.persist.dao.SMetaDaoImpl" singleton="false"/>
|
|
<dao name="SObjectDao" class="com.cloud.bridge.persist.dao.SObjectDaoImpl" singleton="false"/>
|
|
<dao name="SObjectItemDao" class="com.cloud.bridge.persist.dao.SObjectItemDaoImpl" singleton="false"/>
|
|
<dao name="MultiPartPartsDao" class="com.cloud.bridge.persist.dao.MultiPartPartsDaoImpl" singleton="false"/>
|
|
<dao name="MultiPartUploadsDao" class="com.cloud.bridge.persist.dao.MultiPartUploadsDaoImpl" singleton="false"/>
|
|
<dao name="MultipartMetaDao" class="com.cloud.bridge.persist.dao.MultipartMetaDaoImpl" singleton="false"/>
|
|
<dao name="UserCredentialsDao" class="com.cloud.bridge.persist.dao.UserCredentialsDaoImpl" singleton="false"/>
|
|
</awsapi-s3server>
|
|
|
|
</components.xml>
|